From patchwork Tue Nov 6 15:06:26 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Florian Westphal X-Patchwork-Id: 993742 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=strlen.de Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 42qCcw0y2Cz9sBN for ; Wed, 7 Nov 2018 02:09:20 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730798AbeKGAe6 (ORCPT ); Tue, 6 Nov 2018 19:34:58 -0500 Received: from Chamillionaire.breakpoint.cc ([146.0.238.67]:40346 "EHLO Chamillionaire.breakpoint.cc" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730783AbeKGAe6 (ORCPT ); Tue, 6 Nov 2018 19:34:58 -0500 Received: from fw by Chamillionaire.breakpoint.cc with local (Exim 4.89) (envelope-from ) id 1gK2yj-0005gR-7I; Tue, 06 Nov 2018 16:09:17 +0100 From: Florian Westphal To: Cc: Florian Westphal Subject: [PATCH nftables 1/2] xt: pass octx to translate function Date: Tue, 6 Nov 2018 16:06:26 +0100 Message-Id: <20181106150627.14393-2-fw@strlen.de> X-Mailer: git-send-email 2.18.1 In-Reply-To: <20181106150627.14393-1-fw@strlen.de> References: <20181106150627.14393-1-fw@strlen.de> Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org We can't use it when no translation is available as libxtables will use plain printf(), but when translation is available we can. Signed-off-by: Florian Westphal --- include/xt.h | 5 +++-- src/statement.c | 2 +- src/xt.c | 6 +++--- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/include/xt.h b/include/xt.h index 753511e63508..549eb9fe4153 100644 --- a/include/xt.h +++ b/include/xt.h @@ -6,9 +6,10 @@ struct netlink_parse_ctx; struct nftnl_expr; struct rule_pp_ctx; struct rule; +struct output_ctx; #ifdef HAVE_LIBXTABLES -void xt_stmt_xlate(const struct stmt *stmt); +void xt_stmt_xlate(const struct stmt *stmt, struct output_ctx *octx); void xt_stmt_release(const struct stmt *stmt); void netlink_parse_target(struct netlink_parse_ctx *ctx, @@ -20,7 +21,7 @@ void netlink_parse_match(struct netlink_parse_ctx *ctx, void stmt_xt_postprocess(struct rule_pp_ctx *rctx, struct stmt *stmt, struct rule *rule); #else -static inline void xt_stmt_xlate(const struct stmt *stmt) {} +static inline void xt_stmt_xlate(const struct stmt *stmt, struct output_ctx *octx) {} static inline void xt_stmt_release(const struct stmt *stmt) {} #include diff --git a/src/statement.c b/src/statement.c index 1eaaf58511f0..07e174610493 100644 --- a/src/statement.c +++ b/src/statement.c @@ -832,7 +832,7 @@ struct stmt *tproxy_stmt_alloc(const struct location *loc) static void xt_stmt_print(const struct stmt *stmt, struct output_ctx *octx) { - xt_stmt_xlate(stmt); + xt_stmt_xlate(stmt, octx); } static void xt_stmt_destroy(struct stmt *stmt) diff --git a/src/xt.c b/src/xt.c index 74763d58cafd..5606cafed1e5 100644 --- a/src/xt.c +++ b/src/xt.c @@ -26,7 +26,7 @@ #include #include -void xt_stmt_xlate(const struct stmt *stmt) +void xt_stmt_xlate(const struct stmt *stmt, struct output_ctx *octx) { struct xt_xlate *xl = xt_xlate_alloc(10240); @@ -40,7 +40,7 @@ void xt_stmt_xlate(const struct stmt *stmt) }; stmt->xt.match->xlate(xl, ¶ms); - printf("%s", xt_xlate_get(xl)); + nft_print(octx, "%s", xt_xlate_get(xl)); } else if (stmt->xt.match->print) { printf("#"); stmt->xt.match->print(&stmt->xt.entry, @@ -57,7 +57,7 @@ void xt_stmt_xlate(const struct stmt *stmt) }; stmt->xt.target->xlate(xl, ¶ms); - printf("%s", xt_xlate_get(xl)); + nft_fprint(octx, "%s", xt_xlate_get(xl)); } else if (stmt->xt.target->print) { printf("#"); stmt->xt.target->print(NULL, stmt->xt.target->t, 0); From patchwork Tue Nov 6 15:06:27 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Florian Westphal X-Patchwork-Id: 993743 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=strlen.de Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 42qCd03NDZz9sBN for ; Wed, 7 Nov 2018 02:09:24 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387930AbeKGAfD (ORCPT ); Tue, 6 Nov 2018 19:35:03 -0500 Received: from Chamillionaire.breakpoint.cc ([146.0.238.67]:40350 "EHLO Chamillionaire.breakpoint.cc" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730783AbeKGAfD (ORCPT ); Tue, 6 Nov 2018 19:35:03 -0500 Received: from fw by Chamillionaire.breakpoint.cc with local (Exim 4.89) (envelope-from ) id 1gK2yn-0005gd-Qe; Tue, 06 Nov 2018 16:09:21 +0100 From: Florian Westphal To: Cc: Florian Westphal Subject: [PATCH nftables 2/2] xt: always build with a minimal support for xt match/target decode Date: Tue, 6 Nov 2018 16:06:27 +0100 Message-Id: <20181106150627.14393-3-fw@strlen.de> X-Mailer: git-send-email 2.18.1 In-Reply-To: <20181106150627.14393-1-fw@strlen.de> References: <20181106150627.14393-1-fw@strlen.de> Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org When building without libxtables, nft would just silently omit any presence of nft_compat in the output. This adds ifdef-ry to at least print name of target/match involved when libxtables isn't available for decoding. Signed-off-by: Florian Westphal --- include/xt.h | 13 +------------ src/Makefile.am | 2 +- src/xt.c | 22 ++++++++++++++++++++++ 3 files changed, 24 insertions(+), 13 deletions(-) diff --git a/include/xt.h b/include/xt.h index 549eb9fe4153..ab59bb3d45a4 100644 --- a/include/xt.h +++ b/include/xt.h @@ -8,7 +8,6 @@ struct rule_pp_ctx; struct rule; struct output_ctx; -#ifdef HAVE_LIBXTABLES void xt_stmt_xlate(const struct stmt *stmt, struct output_ctx *octx); void xt_stmt_release(const struct stmt *stmt); @@ -18,20 +17,10 @@ void netlink_parse_target(struct netlink_parse_ctx *ctx, void netlink_parse_match(struct netlink_parse_ctx *ctx, const struct location *loc, const struct nftnl_expr *nle); +#ifdef HAVE_LIBXTABLES void stmt_xt_postprocess(struct rule_pp_ctx *rctx, struct stmt *stmt, struct rule *rule); #else -static inline void xt_stmt_xlate(const struct stmt *stmt, struct output_ctx *octx) {} -static inline void xt_stmt_release(const struct stmt *stmt) {} - -#include - -static inline void netlink_parse_target(struct netlink_parse_ctx *ctx, - const struct location *loc, - const struct nftnl_expr *nle) {} -static inline void netlink_parse_match(struct netlink_parse_ctx *ctx, - const struct location *loc, - const struct nftnl_expr *nle) {} static inline void stmt_xt_postprocess(struct rule_pp_ctx *rctx, struct stmt *stmt, struct rule *rule) {} diff --git a/src/Makefile.am b/src/Makefile.am index 307bab108cca..31d076cda82c 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -83,8 +83,8 @@ libminigmp_la_CFLAGS = ${AM_CFLAGS} -Wno-sign-compare libnftables_la_LIBADD += libminigmp.la endif -if BUILD_XTABLES libnftables_la_SOURCES += xt.c +if BUILD_XTABLES libnftables_la_LIBADD += ${XTABLES_LIBS} endif diff --git a/src/xt.c b/src/xt.c index 5606cafed1e5..bb626ca82ca8 100644 --- a/src/xt.c +++ b/src/xt.c @@ -28,6 +28,7 @@ void xt_stmt_xlate(const struct stmt *stmt, struct output_ctx *octx) { +#ifdef HAVE_LIBXTABLES struct xt_xlate *xl = xt_xlate_alloc(10240); switch (stmt->xt.type) { @@ -68,6 +69,9 @@ void xt_stmt_xlate(const struct stmt *stmt, struct output_ctx *octx) } xt_xlate_free(xl); +#else + nft_print(octx, "# xt_%s", stmt->xt.name); +#endif } void xt_stmt_release(const struct stmt *stmt) @@ -94,6 +98,7 @@ void xt_stmt_release(const struct stmt *stmt) xfree(stmt->xt.entry); } +#ifdef HAVE_LIBXTABLES static void *xt_entry_alloc(struct xt_stmt *xt, uint32_t af) { union nft_entry { @@ -179,6 +184,7 @@ static struct xtables_match *xt_match_clone(struct xtables_match *m) memcpy(clone, m, sizeof(struct xtables_match)); return clone; } +#endif /* * Delinearization @@ -190,6 +196,7 @@ void netlink_parse_match(struct netlink_parse_ctx *ctx, { struct stmt *stmt; const char *name; +#ifdef HAVE_LIBXTABLES struct xtables_match *mt; const char *mtinfo; struct xt_entry_match *m; @@ -217,7 +224,13 @@ void netlink_parse_match(struct netlink_parse_ctx *ctx, stmt->xt.type = NFT_XT_MATCH; stmt->xt.match = xt_match_clone(mt); stmt->xt.match->m = m; +#else + name = nftnl_expr_get_str(nle, NFTNL_EXPR_MT_NAME); + stmt = xt_stmt_alloc(loc); + stmt->xt.name = strdup(name); + stmt->xt.type = NFT_XT_MATCH; +#endif list_add_tail(&stmt->list, &ctx->rule->stmts); } @@ -227,6 +240,7 @@ void netlink_parse_target(struct netlink_parse_ctx *ctx, { struct stmt *stmt; const char *name; +#ifdef HAVE_LIBXTABLES struct xtables_target *tg; const void *tginfo; struct xt_entry_target *t; @@ -255,10 +269,17 @@ void netlink_parse_target(struct netlink_parse_ctx *ctx, stmt->xt.type = NFT_XT_TARGET; stmt->xt.target = xt_target_clone(tg); stmt->xt.target->t = t; +#else + name = nftnl_expr_get_str(nle, NFTNL_EXPR_TG_NAME); + stmt = xt_stmt_alloc(loc); + stmt->xt.name = strdup(name); + stmt->xt.type = NFT_XT_TARGET; +#endif list_add_tail(&stmt->list, &ctx->rule->stmts); } +#ifdef HAVE_LIBXTABLES static bool is_watcher(uint32_t family, struct stmt *stmt) { if (family != NFPROTO_BRIDGE || @@ -370,3 +391,4 @@ void xt_init(void) /* Default to IPv4, but this changes in runtime */ xtables_init_all(&xt_nft_globals, NFPROTO_IPV4); } +#endif